2018年7月31日ccna ccnav3.0修改版课件15-0实现vlan和trunk

1、Implementing VLANs and Trunks实现VLAN和TrunkBuilding a Medium-Sized Network erconnecting Cisco Networking Devi, Part 1 (ICND1) v3.0204426777IThese ies in a Poorly Designed Networkes are often found in poorly desidnetworks:s一个超大的广播域，极其浪费带宽Large broadcastManagement and support challenges带来管理和支持上的sible se

2、curity vulnerabilities安全性几乎为0204426777VLANroductionA VLAN is a virtual LAN.VLAN = broadcastVLAN = logical network (subnet)VLANs address these needs:SegmenSecurityionNetwork flexibility灵活性204426777Trunking with 802.1QRunning many VLANs betn switches would require thesamber oferconnecting links.204426

3、777Trunking with 802.1Q (Cont.)Combining many VLANs on the same port is called trunking-trunk允许多个vlan流量在同一链路转发A trunk allows the transporion of frames from different VLANs.t specifies the VLANt it belongs to通过帧中的tag指定vlan流量的归属Each frame has a tagFrames are forwarded to the corresponding VLAN based o

4、n the tag information.基于帧把相应vlan的信息转发到端口204CCNAv3.0课程Trunking with 802.1Q (Cont.)204426777Trunking with 802.1Q (Cont.)204426777Trunking with 802.1Q (Cont.)204426777Creating a VLANAdds VLAN 2 and names it Sales204426777SwitchX#configure terminal SwitchX(config)#vlan 2 SwitchX(config-vlan)SalesCreatin

5、g a VLAN (Cont.)Verifies VLAN2204426777SwitchX# show vlan id 2VLAN NameSusPorts2SalesactiveFa0/2, Fa0/12VLAN Type SAIDMTUParent RingNo BridgeNo StpBrdgMode Trans1 Trans22enet 100002 1500 -00Assigning a Port to a VLANAssigns port FastEthernet0/3 to VLAN 2204426777SwitchX#configure terminal SwitchX(co

6、nfig)#erface FastEthernet 0/3 SwitchX(config-iswitchport acs vlan 2Assigning a Port to a VLAN (Cont.)Verifiest port FastEthernet0/3 was assigned to VLAN 2204426777SwitchX#show vlan briefVLAN NameSusPortsdefaultactiveFa0/1SalesactiveFa0/3vlan3activevlan4activeAssigning a Port to a VLAN (Cont.)Verifie

7、s VLAN membership on the Fa0/3erface204426777SwitchX#showerface FastEthernet0/3 switchportName: Fa0/3 Switchport: EnabledAdministrative Mode: dynamic auto Operational Mode: sic acs Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: native Negotiation of Trunking: OnAcs

8、Mode VLAN: 2 (Sales)Configuring an 802.1Q TrunkEnter theerface configuration mode.Configure the Fa0/11erface as a VLAN trunk.Change the native VLAN from 1 to 99.SwitchX#configure SwitchX(config)# SwitchX(config-iterminalerface FastEthernet 0/11#switchport mode trunkSwitchX(config-if)#switchport trun

9、k native vlan99Native VLAN 的帧在Trunk链不带标记交换机收到不打标记的帧将会转发到Native vlan。vlan d204426777Configuring an 802.1Q Trunk (Cont.)o Verifies a trunk on the Fa0/11erface204426777SwitchX#showerfaFastEthernet0/11 trunkPortModeEncapsulation SusNative vlan Fa0/11 on802.1qtrunking99PortVlans allowed on trunk Fa0/111-

10、4094PortVlans allowed and activeanagementFa0/111-13SwitchX#showerfaFastEthernet0/11 switchportName: Fa0/11 Switchport: EnabledAdministrative Mode: trunkOperational Mode: trunkAdministrative Trunking Encapsulation: dot1q Negotiation of Trunking: OnAcs Mode VLAN: 99 Trunking Native Mode VLAN: 99VLAN D

11、esign Considerationsum number of VLANs is switch-dependent考虑VLAN数目以及The交换机可以承载的vlanVLAN 1 is the factory-default Ethernet VLAN.A use-dedicated VLAN is for the Cisco swit一个专门的vlan进行交换机的管理Keep management traffic in a separate VLAN.Change the native VLAN to something other native vlan更改到一个不用的vlananagem

12、ent IP address.用n VLAN 1为了安全期间把204426777VLAN Design Considerations (Cont.)When configuring a trunk link, consider the following:Make suret the native VLAN for an 802.1Q trunk is the same on bothends of the trunk link.确保native vlan在trunk的两端相同n Cisco switches.用DTP协议管DTP manages trunk negotiations bet理

13、思科设备trunk的协商204426777Physical Redundancy in a LANLoops may occurhe network as part of a design strategy forredundancy.物理环路在有冗余的同时也会造成环路的产生204426777Physical Redundancy in a LAN (Cont.)通过Spanning-tree避免环路的产生204426777实施DTP协议204426777Trunking ConfigurationdsTrunks can be configured s或者DTP默认配置trunkically

14、 or via DTP.可以通过静态DTP provides the ability to negotiate the trunkingConmfigeutrhinogda.DTrTuPnk协议提供协商trunk的方式switchport trunkswitchport modeswitchport nonegotiate204426777DTPDTP - Dynamic Trunking protocol它的前身是DISL - Dynamic ISL它们都是思科私有的协议，用于协商Trunk链路（类型为0X2004的组播MAC：01-00-让回顾0C-CC-CC-CC,每间隔一秒发送一次，形

15、成干道之后间隔30秒发送）TrunkON 默认发送DTP（ switchport mode trunk ）OFF 用命令“switchport nonegotiate”关掉DTPDynamic一下青葱岁月的“恋爱故事”Auto 默认不发送DTP，但是收到DTP后可以回复，协商switchport mode dynamic autoDesirable 默认主动发送DTP，主动协商switchport mode dynamic desirable-IOU不支持该命令Acs 不发送DTP,不协商Trunk204426777Trunk工作模式204426777链路trunk模式描述开启将端口强制设定为

16、Trunk即使对端不成为Trunk，本端也成为Trunk关闭将端口强制设定为非Trunk期望（desirable）端口主动与邻接端口协商为Trunk自动（Auto）如果邻接端口尝试协商为Trunk，则成为Trunk非协商将端口强制设定为Trunk，并且不在发送DTP报文Switchport 模式交互Note: Table ashow dtpmes DTP is enabled at both ends.erface 看当前配置Debug dtp event-验证DTP事件204426777Dynamic AutoDynamicDesirableTrunkAcsDynamic AutoAcsTr

17、unkTrunkAcsDynamic DesirableTrunkTrunkTrunkAcsTrunkTrunkTrunkTrunkNotmendedAcsAcsAcsNotmendedAcs实施VTP协议204426777VTP-VLAN Trunking ProtocolVTP is a Layer 2 messaging protocolt maains VLAN configuration consistencyby managing the addition, deletion, and renaming of VLANs on a network-wide basisVTP是一种为

18、了保持VLAN配置的连续性，方便管理增加、删除、重命名VLAN等行为设计的二层协议VTP 应用场景，在交换网络中减少配置量，在一台VTP server上配置vlan，该信息会分发到该域内的所有设备。VTP是思科私有协议，在绝大多数交换机上都支持目前存在三个版本V1、V2和V3（版本兼容性存在一些问题）VTP Ver1 and VTPVer2 are noteroperable on switcheshe same VTP. Every switchhe VTPmust use the same VTP ver.204426777VTP 协议公告 VLAN 配置信息在整个公共管理域内保持VLAN

19、配置一致只在Trunk端口发送公告/空时接收域信息并同步不同设备不同版本的IOS默认的VTP版本号不一204426777VTP 域交换 VLAN 信息的一组交换机交换机上管理VLANs在204426777VTP 模式Server (服务器模式，默认的模式)创建、修改和删除 VLANs发送和转发公告同步 VLAN 配置VLAN 配置信息保存在 Flash 的 vlan.dat 里面Cnt（客户模式）不能创建、修改和删除 VLANs发送、续传公告同步 VLAN 配置VLAN 配置信息保存在 Flash 的vlan.dat里面Transparent（透明模式）创建、修改和删除 VLANs不发送公告，转发公告不同步 VLAN 配置VLAN 配置信息保存在 Config 里面204426777nt同步ServerVTP C现在VTP Cnt配置版本号为5（已经被同步过）服务器端vtp为0NULL（会清空配置版本号），此时服务器端配置版本号QYT（修改，与客户端相同），那么此时客户端会同步服务vtp器端